A new global survey by the Ponemon Institute on IT security infrastructure finds that 83 percent of organizations believe they are most at risk for cyberattack because of organizational complexities.

“Employees are not following corporate security requirements because they are too difficult to be productive, plus policies hinder their ability to work in their preferred manner,” the study noted. “It is no surprise that shadow IT is on the rise because employees want easier ways to get their work done.”

The study, which was sponsored by Citrix, finds that employees are increasingly putting data on their personal devices, meaning key corporate information is accessible from any laptop, phone or tablet left sitting at a desk or coffee shop. And data assets are increasing, putting more information at risk, according to 87 percent of survey respondents.

The results also found that security and IT professionals are truly concerned about their current operations:

The protection of apps and data is more critical than ever, with 74 percent of businesses saying that a new IT security framework is needed to improve security posture and reduce risk.

71 percent say there is risk from their inability to control employees’ devices and apps.

As for planning for the future:

73 percent say data management, 76 percent say configuration management, and 72 percent say app management are the keys to reducing the security risk over the next two years in building a new IT infrastructure.

75 percent say their organization is not fully prepared to deal with the potential security risks resulting from Internet of Things (IoT).

“In every region of the world, businesses must accept the fact that security practices and policies need to evolve in order to deal with threats from disruptive technologies, cyber crime and compliance,” according to Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “The research reveals respondents’ awareness of the need to challenge the status quo of their IT security strategies and consider a new IT security architecture to safeguard their organizations from cyber risks.”